(tooling-trusted-releases) branch main updated: Use the Tooling project as a committee proxy in ASFQuart session data

Wed, 28 Jan 2026 09:28:19 -0800 

This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new fa62aea  Use the Tooling project as a committee proxy in ASFQuart 
session data
fa62aea is described below

commit fa62aeacd95eef5c73c2dd5f3cc3435727d56f65
Author: Sean B. Palmer <[email protected]>
AuthorDate: Wed Jan 28 17:27:27 2026 +0000

    Use the Tooling project as a committee proxy in ASFQuart session data
---
 atr/principal.py        | 28 ++++++++++++++++++++++++++++
 atr/server.py           |  3 +++
 atr/storage/__init__.py | 15 +++++++++++++++
 3 files changed, 46 insertions(+)

diff --git a/atr/principal.py b/atr/principal.py
index 7ebb530..c98c1f2 100644
--- a/atr/principal.py
+++ b/atr/principal.py
@@ -266,6 +266,10 @@ class AuthoriserASFQuart:
 
         committees = frozenset(asfquart_session.committees)
         projects = frozenset(asfquart_session.projects)
+        if "tooling" in projects:
+            # Tooling project members are actually Tooling committee members
+            # This is a special case, and reflects a similar special case in 
LDAP
+            committees = committees.union({"tooling"})
         committees, projects = _augment_test_membership(committees, projects)
 
         # We do not check that the ASF UID is the same as the one in the 
session
@@ -273,6 +277,12 @@ class AuthoriserASFQuart:
         self.__cache.member_of[asf_uid] = committees
         self.__cache.participant_of[asf_uid] = projects
         self.__cache.last_refreshed[asf_uid] = int(time.time())
+        log.debug(
+            "AuthoriserASFQuart cache refreshed",
+            asf_uid=asf_uid,
+            committees=sorted(committees),
+            projects=sorted(projects),
+        )
 
 
 class AuthoriserLDAP:
@@ -305,6 +315,12 @@ class AuthoriserLDAP:
             self.__cache.member_of[asf_uid] = committees
             self.__cache.participant_of[asf_uid] = projects
             self.__cache.last_refreshed[asf_uid] = int(time.time())
+            log.debug(
+                "AuthoriserLDAP cache refreshed (test user)",
+                asf_uid=asf_uid,
+                committees=sorted(committees),
+                projects=sorted(projects),
+            )
             return
 
         if config.get_mode() == config.Mode.Debug:
@@ -319,6 +335,12 @@ class AuthoriserLDAP:
                 self.__cache.participant_of[asf_uid] = projects
                 self.__cache.last_refreshed[asf_uid] = int(time.time())
                 log.info(f"Loaded session data for {asf_uid} from session 
cache file")
+                log.debug(
+                    "AuthoriserLDAP cache refreshed (session cache)",
+                    asf_uid=asf_uid,
+                    committees=sorted(committees),
+                    projects=sorted(projects),
+                )
                 return
 
         try:
@@ -332,6 +354,12 @@ class AuthoriserLDAP:
             self.__cache.member_of[asf_uid] = committees
             self.__cache.participant_of[asf_uid] = projects
             self.__cache.last_refreshed[asf_uid] = int(time.time())
+            log.debug(
+                "AuthoriserLDAP cache refreshed (LDAP)",
+                asf_uid=asf_uid,
+                committees=sorted(committees),
+                projects=sorted(projects),
+            )
         except CommitterError as e:
             raise AuthenticationError(f"Failed to verify committer: {e}") from 
e
 
diff --git a/atr/server.py b/atr/server.py
index 032424e..1ef0d60 100644
--- a/atr/server.py
+++ b/atr/server.py
@@ -347,6 +347,9 @@ def _app_setup_logging(app: base.QuartApp, config_mode: 
config.Mode, app_config:
         handlers=[log.StructlogQueueHandler(log_queue)],
         force=True,
     )
+    # Silence noisy dependency loggers even in DEBUG
+    logging.getLogger("aiosqlite").setLevel(logging.INFO)
+    logging.getLogger("hpack.hpack").setLevel(logging.INFO)
 
     loggers.configure_structlog(shared_processors)
 
diff --git a/atr/storage/__init__.py b/atr/storage/__init__.py
index 6115791..05a114c 100644
--- a/atr/storage/__init__.py
+++ b/atr/storage/__init__.py
@@ -270,8 +270,23 @@ class Write:
 
     def as_committee_member_outcome(self, committee_name: str) -> 
outcome.Outcome[WriteAsCommitteeMember]:
         if self.__authorisation.asf_uid is None:
+            log.debug(
+                "write.as_committee_member denied",
+                reason="no_asf_uid",
+                committee_name=committee_name,
+                auth_source="asfquart" if 
self.__authorisation.is_asfquart_session else "ldap",
+            )
             return outcome.Error(AccessError("Not authorized"))
         if not self.__authorisation.is_member_of(committee_name):
+            log.debug(
+                "write.as_committee_member denied",
+                reason="not_member",
+                asf_uid=self.__authorisation.asf_uid,
+                committee_name=committee_name,
+                auth_source="asfquart" if 
self.__authorisation.is_asfquart_session else "ldap",
+                member_of=sorted(self.__authorisation.member_of()),
+                participant_of=sorted(self.__authorisation.participant_of()),
+            )
             return outcome.Error(AccessError(f"{self.__authorisation.asf_uid} 
is not a member of {committee_name}"))
         try:
             wacm = WriteAsCommitteeMember(self, self.__data, committee_name)


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to